[winpcap] tcp_header

// tcp_header.c

#include "pcap.h"

typedef struct mac_address {

u_char byte1;

u_char byte2;

u_char byte3;

u_char byte4;

u_char byte5;

u_char byte6;

}mac;

#define ETHER_ADDR_LEN 6

struct ether_header

{

u_char ether_dhost[ETHER_ADDR_LEN];

u_char ether_shost[ETHER_ADDR_LEN];

u_short ether_type;

}eth;

typedef struct ip_address

{

u_char byte1;

u_char byte2;

u_char byte3;

u_char byte4;

}ip_address;

typedef struct ip_header

{

u_char ver_ihl;

u_char tos;

u_short tlen;

u_short identification;

u_short flags_fo;

u_char ttl;

u_char proto;

u_short crc;

ip_address saddr;

ip_address daddr;

u_int op_pad;

}ip_header;

typedef struct tcp_header

{

u_short sport;

u_short dport;

u_int seqnum;

u_int acknum;

u_char th_off;

u_char flags;

u_short win;

u_short crc;

u_short urgptr;

}tcp_header;

void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data);

main()

{

pcap_if_t *alldevs;

pcap_if_t *d;

int inum;

int i = 0;

pcap_t *adhandle;

char errbuf[PCAP_ERRBUF_SIZE];

u_int netmask;

char packet_filter[] = ""; // 원하는 필터 정보 설정 (ex. "tcp")

struct bpf_program fcode;

if(pcap_findalldevs(&alldevs, errbuf) == -1) // 랜카드 검색

{

fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);

exit(1);

}

for(d=alldevs; d; d=d->next) // 검색된 랜카드 정보 출력

{

printf("%d. %s", ++i, d->name);

if(d -> description)

printf(" (%s)\n", d->description);

else

printf(" (No description available)\n");

}

if(i==0)

{

printf("\nNo interfaces found! Make sure WinPcap is installed.\n");

return -1;

}

printf("nic 카드 선택하세요..(1-%d):", i);

scanf("%d", &inum); // 랜카드 선택

if(inum < 1 || inum > i)

{

printf("\nInterface number out of range.\n");

pcap_freealldevs(alldevs);

return -1;

}

for(d = alldevs, i=0; i<inum-1; d=d->next, i++);

if((adhandle=pcap_open_live(d->name, 65536, 1, 1000, errbuf)) == NULL) // 네트워크 패킷을 수집하기 위한 방법 설정

{

fprintf(stderr, "\n %s isn't supported by winpcap \n", d->name);

return -1;

}

if(pcap_compile(adhandle, &fcode, packet_filter, 1, netmask) < 0) // 사용자가 정의한 필터링 룰을 bpf_program 구조체에 저장하여, 특정 프로토콜만을 선별적으로 수집

{

fprintf(stderr, "\nUnable to compile the packet filter. Check the syntax.\n");

pcap_freealldevs(alldevs);

return -1;

}

if(pcap_setfilter(adhandle, &fcode) < 0)

{

fprintf(stderr, "\nError setting the filter.\n");

pcap_freealldevs(alldevs);

return -1;

}

printf("\nlistening on %s...\n\n", d->description);

pcap_freealldevs(alldevs);

pcap_loop(adhandle, 0, packet_handler, NULL); // packet_handler() 함수 호출하여 패킷 수집

pcap_close(adhandle);

return 0;

}

void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)

{

#define IP_HEADER 0x0800

#define ARP_HEADER 0x0806

#define REVERSE_ARP_HEADER 0x0835

unsigned int ptype;

mac* srcmac;

mac* destmac;

destmac = (mac*)pkt_data;

srcmac = (mac*)(pkt_data+6);

struct ether_header* eth;

eth = (struct ether_header*)pkt_data;

ptype = ntohs(eth->ether_type);

ip_header* ih;

u_int ip_len;

ih = (ip_header*)(pkt_data+14);

ip_len = (ih->ver_ihl & 0xf) * 4;

printf("*************** Ethernet Frame Header ***************\n\n\n");

printf("Destination Mac Address : %02x.%02x.%02x.%02x.%02x.%02x\n\n", destmac->byte1, destmac->byte2, destmac->byte3, destmac->byte4, destmac->byte5, destmac->byte6);

printf("Source Mac Address :  %02x.%02x.%02x.%02x.%02x.%02x\n\n", srcmac->byte1, srcmac->byte2, srcmac->byte3, srcmac->byte4, srcmac->byte5, srcmac->byte6);

if(ntohs(eth->ether_type) == IP_HEADER)

{

printf("Upper Protocol is IP Header(%04x)\n", ptype);

}

else if(ntohs(eth->ether_type) == ARP_HEADER)

{

printf("Upper Protocol is ARP Header(%04x)\n", ptype);

}

else if(ntohs(eth->ether_type) == REVERSE_ARP_HEADER)

{

printf("Upper Protocol is REVERSE ARP HEADER Header(%04x)\n", ptype);

}

else

{

printf("Upper Protocol isUnknown(%04x)\n", ptype);

}

if(ntohs(eth->ether_type) == IP_HEADER)

{

printf("\n\n--------------------- IP Header ---------------------\n\n\n");

printf("Destination IP Address : %d.%d.%d.%d\n\n", ih->daddr.byte1, ih->daddr.byte2, ih->daddr.byte3, ih->daddr.byte4);

printf("Source IP Address : %d.%d.%d.%d\n\n", ih->saddr.byte1, ih->saddr.byte2, ih->saddr.byte3, ih->saddr.byte4);

if(ih->proto == 6)

{

printf("Upper Protocol is TCP\n\n");

tcp_header *th;

th = (tcp_header*)((u_char*)ih+ip_len);

#define SYN 0x02

#define PUSH 0x08

#define ACK 0x10

#define SYN_ACK 0x12

#define PUSH_ACK 0x18

#define FIN_ACK 0x11

printf("\n\n--------------------- TCP Header ---------------------\n\n\n");

printf("Destination port number : %d\n", ntohs(th->dport));

printf("Source port number : %d\n", ntohs(th->sport));

if((th->flags) == SYN)

{

printf("Flags : SYN\n\n\n");

}

else if((th->flags) == PUSH)

{

printf("Flags : PUSH\n\n\n");

}

else if((th->flags) == ACK)

{

printf("Flags : ACK\n\n\n");

}

else if((th->flags) == SYN_ACK)

{

printf("Flags : SYN, ACK\n\n\n");

}

else if((th->flags) == PUSH_ACK)

{

printf("Flags : PUSH, ACK\n\n\n");

}

else if((th->flags) == FIN_ACK)

{

printf("Flags : FIN, ACK\n\n\n");

}

else

{

printf("Flags(Unknown) : %04x\n\n\n", th->flags);

}

}

else if(ih->proto == 11)

printf("Upper Protocol is UDP\n\n");

else if(ih->proto == 1)

printf("Upper Protocol is ICMP\n\n");

else

printf("Upper Protocol is Unknown\n\n");

}

else

{

printf("\n\n------------------- NO IP Header -------------------\n\n\n");

}

printf("\n*****************************************************\n\n\n\n");

}